OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ResourceRequest.h" | 9 #include "platform/network/ResourceRequest.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); | 116 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); |
117 | 117 |
118 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); | 118 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); |
119 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); | 119 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); |
120 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); | 120 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); |
121 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); | 121 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); |
122 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); | 122 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); |
123 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); | 123 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
124 } | 124 } |
125 | 125 |
| 126 TEST_F(CSPSourceTest, IsSubsumedNotSimilar) { |
| 127 struct TestCase { |
| 128 String aScheme; |
| 129 String bScheme; |
| 130 String aHost; |
| 131 String bHost; |
| 132 String aPath; |
| 133 String bPath; |
| 134 int aPort; |
| 135 int bPort; |
| 136 } cases[] = { |
| 137 {"http", "http", "example.com", "another.com", "/", "/", 0, 0}, |
| 138 {"wss", "http", "example.com", "example.com", "/", "/", 0, 0}, |
| 139 {"wss", "about", "example.com", "example.com", "/", "/", 0, 0}, |
| 140 {"http", "about", "example.com", "example.com", "/", "/", 0, 0}, |
| 141 {"http", "http", "example.com", "example.com", "/path1.html", |
| 142 "/path2.html", 0, 0}, |
| 143 {"http", "http", "example.com", "example.com", "/", "/", 433, 800}, |
| 144 }; |
| 145 for (const auto& test : cases) { |
| 146 CSPSource* returned = |
| 147 new CSPSource(csp.get(), test.aScheme, test.aHost, test.aPort, |
| 148 test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 149 CSPSource* required = |
| 150 new CSPSource(csp.get(), test.bScheme, test.bHost, test.bPort, |
| 151 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 152 EXPECT_FALSE(returned->isSubsumed(required)); |
| 153 // Verify the same test with a and b swapped. |
| 154 EXPECT_FALSE(required->isSubsumed(returned)); |
| 155 } |
| 156 } |
| 157 |
| 158 TEST_F(CSPSourceTest, IsSubsumedNoWildcards) { |
| 159 struct TestCase { |
| 160 String aScheme; |
| 161 String bScheme; |
| 162 String aPath; |
| 163 String bPath; |
| 164 int aPort; |
| 165 int bPort; |
| 166 bool expected; |
| 167 bool expectedWhenSwapped; |
| 168 } cases[] = { |
| 169 // Equal signals |
| 170 {"http", "http", "/", "/", 0, 0, true, true}, |
| 171 {"https", "https", "/", "/", 0, 0, true, true}, |
| 172 {"http", "http", "/page1.html", "/page1.html", 0, 0, true, true}, |
| 173 {"http", "http", "/", "/", 80, 80, true, true}, |
| 174 {"https", "https", "/", "/", 80, 80, true, true}, |
| 175 {"https", "https", "/page1.html", "/page1.html", 0, 0, true, true}, |
| 176 {"http", "http", "/page1.html", "/page1.html", 80, 80, true, true}, |
| 177 {"https", "https", "/page1.html", "/page1.html", 80, 80, true, true}, |
| 178 // One stronger signal in the first CSPSource |
| 179 {"https", "http", "/", "/", 0, 0, true, false}, |
| 180 {"http", "http", "/page1.html", "/", 0, 0, true, false}, |
| 181 {"http", "http", "/", "/", 800, 0, false, false}, // ports do not match |
| 182 // Two stronger signals in the first CSPSource |
| 183 {"https", "http", "/page1.html", "/", 0, 0, true, false}, |
| 184 {"https", "http", "/", "/", 800, 0, false, false}, |
| 185 {"http", "http", "/page1.html", "/", 800, 0, false, false}, |
| 186 // Three stronger signals in the first CSPSource |
| 187 {"https", "http", "/page1.html", "/", 800, 0, false, |
| 188 false}, // ports do not match |
| 189 // Mixed signals |
| 190 {"https", "http", "/", "/page1.html", 0, 0, false, false}, |
| 191 {"https", "http", "/", "/", 0, 800, false, false}, |
| 192 {"http", "http", "/page1.html", "/", 0, 800, false, false}, |
| 193 }; |
| 194 |
| 195 for (const auto& test : cases) { |
| 196 CSPSource* returned = |
| 197 new CSPSource(csp.get(), test.aScheme, "example.com", test.aPort, |
| 198 test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 199 |
| 200 CSPSource* required = |
| 201 new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort, |
| 202 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 203 |
| 204 EXPECT_EQ(returned->isSubsumed(required), test.expected); |
| 205 // Verify the same test with a and b swapped. |
| 206 EXPECT_EQ(required->isSubsumed(returned), test.expectedWhenSwapped); |
| 207 } |
| 208 |
| 209 // When returned CSP has a wildcard but the required csp does not, then it is |
| 210 // not subsumed. |
| 211 // returned csp has a host wildcard. |
| 212 for (const auto& test : cases) { |
| 213 CSPSource* returned = new CSPSource( |
| 214 csp.get(), test.aScheme, "example.com", test.aPort, test.aPath, |
| 215 CSPSource::HasWildcard, CSPSource::NoWildcard); |
| 216 |
| 217 CSPSource* required = |
| 218 new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort, |
| 219 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 220 |
| 221 EXPECT_FALSE(returned->isSubsumed(required)); |
| 222 } |
| 223 |
| 224 // required csp has a host wildcard now too. |
| 225 for (const auto& test : cases) { |
| 226 CSPSource* returned = new CSPSource( |
| 227 csp.get(), test.aScheme, "example.com", test.aPort, test.aPath, |
| 228 CSPSource::HasWildcard, CSPSource::NoWildcard); |
| 229 |
| 230 CSPSource* required = new CSPSource( |
| 231 csp.get(), test.bScheme, "example.com", test.bPort, test.bPath, |
| 232 CSPSource::HasWildcard, CSPSource::NoWildcard); |
| 233 |
| 234 EXPECT_EQ(returned->isSubsumed(required), test.expected); |
| 235 } |
| 236 } |
| 237 |
| 238 TEST_F(CSPSourceTest, IsSubsumedWildcards) { |
| 239 // Hosts must be equal, schemes matching as well as paths. |
| 240 struct TestCase { |
| 241 CSPSource::WildcardDisposition aHostDispotion; |
| 242 CSPSource::WildcardDisposition aPortDispotion; |
| 243 CSPSource::WildcardDisposition bHostDispotion; |
| 244 CSPSource::WildcardDisposition bPortDispotion; |
| 245 bool expected; |
| 246 } cases[] = { |
| 247 // One out of four possible wildcards. |
| 248 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
| 249 CSPSource::NoWildcard, false}, |
| 250 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
| 251 CSPSource::NoWildcard, false}, |
| 252 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
| 253 CSPSource::HasWildcard, true}, |
| 254 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
| 255 CSPSource::NoWildcard, true}, |
| 256 // Two out of four possible wildcards. |
| 257 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
| 258 CSPSource::NoWildcard, false}, |
| 259 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
| 260 CSPSource::NoWildcard, true}, |
| 261 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard, |
| 262 CSPSource::HasWildcard, false}, |
| 263 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
| 264 CSPSource::NoWildcard, false}, |
| 265 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
| 266 CSPSource::HasWildcard, true}, |
| 267 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
| 268 CSPSource::HasWildcard, true}, |
| 269 // Three out of four possible wildcards. |
| 270 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
| 271 CSPSource::NoWildcard, false}, |
| 272 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard, |
| 273 CSPSource::HasWildcard, false}, |
| 274 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard, |
| 275 CSPSource::HasWildcard, true}, |
| 276 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
| 277 CSPSource::HasWildcard, true}, |
| 278 // Four out of four possible wildcards. |
| 279 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard, |
| 280 CSPSource::HasWildcard, true}, |
| 281 }; |
| 282 // There are different cases for wildcards but now also the second CSPSource |
| 283 // has a more specific path. |
| 284 for (const auto& test : cases) { |
| 285 CSPSource* returned = |
| 286 new CSPSource(csp.get(), "http", "example.com", 0, "/", |
| 287 test.aHostDispotion, test.aPortDispotion); |
| 288 CSPSource* required = |
| 289 new CSPSource(csp.get(), "http", "example.com", 0, "/", |
| 290 test.bHostDispotion, test.bPortDispotion); |
| 291 EXPECT_EQ(returned->isSubsumed(required), test.expected); |
| 292 |
| 293 // Wildcards should not matter when required csp is stricter than returned |
| 294 // csp. |
| 295 CSPSource* required2 = |
| 296 new CSPSource(csp.get(), "https", "example.com", 0, "/", |
| 297 test.bHostDispotion, test.bPortDispotion); |
| 298 EXPECT_FALSE(returned->isSubsumed(required2)); |
| 299 } |
| 300 } |
| 301 |
| 302 TEST_F(CSPSourceTest, IsSubsumedSchemesOnly) { |
| 303 struct TestCase { |
| 304 String aScheme; |
| 305 String bScheme; |
| 306 bool expected; |
| 307 } cases[] = { |
| 308 // HTTP |
| 309 {"http", "http", true}, |
| 310 {"http", "https", false}, |
| 311 {"https", "http", true}, |
| 312 {"https", "https", true}, |
| 313 // WSS |
| 314 {"ws", "ws", true}, |
| 315 {"ws", "wss", false}, |
| 316 {"wss", "ws", true}, |
| 317 {"wss", "wss", true}, |
| 318 // Unequal |
| 319 {"ws", "http", false}, |
| 320 {"http", "ws", false}, |
| 321 {"http", "about", false}, |
| 322 }; |
| 323 for (const auto& test : cases) { |
| 324 CSPSource* returned = |
| 325 new CSPSource(csp.get(), test.aScheme, "example.com", 0, "/", |
| 326 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 327 CSPSource* required = |
| 328 new CSPSource(csp.get(), test.bScheme, "example.com", 0, "/", |
| 329 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 330 EXPECT_EQ(returned->isSubsumed(required), test.expected); |
| 331 } |
| 332 } |
| 333 |
126 } // namespace blink | 334 } // namespace blink |
OLD | NEW |